The last flag has been captured, and the final tallies are in. Over 16,000
people from around the world participated in
Capture the Flag 2.0
during its week-long run, and it's been a blast exploring web application
security with all of you.

Unique IP Addresses

This time we knew we had to prepare for high demand, so we worked to build more
powerful infrastructure, bringing in our expertise from making Stripe itself
scalable, reliable, and fast. There are some interesting challenges in building
applications geared for thousands of people to simultaneously break in,
and Greg wrote about the details of our architecture on his
personal blog.

In case you didn't get a chance to try them all, I've published the
source code to each
of the levels and the
slides
from our talk at the meetup.
Many great walkthroughs have been posted online, including
anumberfromindividuals
and two from the security firms
IOActive
and
Trustwave.

Average Time per Level

We wanted to make the challenges accessible to both seasoned security veterans
and relative newcomers, so we tried to order them by increasing difficulty.
Judging by the steadily climbing amount of time people spent on each level, it
looks like we did all right. By all accounts, everyone had a lot of fun, and we
hope you found it more enlightening than frustrating.